
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="zh_Hans">
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Apache 利用 Django 的用户数据库进行验证 &#8212; Django 3.2.11.dev 文档</title>
    <link rel="stylesheet" href="../../../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="../../../" src="../../../_static/documentation_options.js"></script>
    <script type="text/javascript" src="../../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../../_static/doctools.js"></script>
    <script type="text/javascript" src="../../../_static/language_data.js"></script>
    <link rel="index" title="索引" href="../../../genindex.html" />
    <link rel="search" title="搜索" href="../../../search.html" />
    <link rel="next" title="如何使用 ASGI 来部署" href="../asgi/index.html" />
    <link rel="prev" title="如何使用 Apache 和 mod_wsgi 托管 Django" href="modwsgi.html" />



 
<script src="../../../templatebuiltins.js"></script>
<script>
(function($) {
    if (!django_template_builtins) {
       // templatebuiltins.js missing, do nothing.
       return;
    }
    $(document).ready(function() {
        // Hyperlink Django template tags and filters
        var base = "../../../ref/templates/builtins.html";
        if (base == "#") {
            // Special case for builtins.html itself
            base = "";
        }
        // Tags are keywords, class '.k'
        $("div.highlight\\-html\\+django span.k").each(function(i, elem) {
             var tagname = $(elem).text();
             if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
                 var fragment = tagname.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
             }
        });
        // Filters are functions, class '.nf'
        $("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
             var filtername = $(elem).text();
             if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
                 var fragment = filtername.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
             }
        });
    });
})(jQuery);</script>

  </head><body>

    <div class="document">
  <div id="custom-doc" class="yui-t6">
    <div id="hd">
      <h1><a href="../../../index.html">Django 3.2.11.dev 文档</a></h1>
      <div id="global-nav">
        <a title="Home page" href="../../../index.html">Home</a>  |
        <a title="Table of contents" href="../../../contents.html">Table of contents</a>  |
        <a title="Global index" href="../../../genindex.html">Index</a>  |
        <a title="Module index" href="../../../py-modindex.html">Modules</a>
      </div>
      <div class="nav">
    &laquo; <a href="modwsgi.html" title="如何使用 Apache 和 &lt;code class=&#34;docutils literal notranslate&#34;&gt;&lt;span class=&#34;pre&#34;&gt;mod_wsgi&lt;/span&gt;&lt;/code&gt; 托管 Django">previous</a>
     |
    <a href="../../index.html" title="操作指南" accesskey="U">up</a>
   |
    <a href="../asgi/index.html" title="如何使用 ASGI 来部署">next</a> &raquo;</div>
    </div>

    <div id="bd">
      <div id="yui-main">
        <div class="yui-b">
          <div class="yui-g" id="howto-deployment-wsgi-apache-auth">
            
  <div class="section" id="s-authenticating-against-django-s-user-database-from-apache">
<span id="authenticating-against-django-s-user-database-from-apache"></span><h1>Apache 利用 Django 的用户数据库进行验证<a class="headerlink" href="#authenticating-against-django-s-user-database-from-apache" title="永久链接至标题">¶</a></h1>
<p>使用 Apache 时，保持多个身份认证数据同步是一个常见的问题，你可以让 Apache 直接使用 Django 的 <a class="reference internal" href="../../../topics/auth/index.html"><span class="doc">验证系统</span></a>。这要求 Apache 版本 &gt;= 2.2，且 mod_wsgi &gt;= 2.0。例如这样：</p>
<ul class="simple">
<li>仅为已授权的用户直接从 Apache 提供 static/media 文件。</li>
<li>仅为有特定权限的 Django 用户提供 Subversion 仓库访问。</li>
<li>允许某些用户连接到 <a class="reference external" href="https://httpd.apache.org/docs/2.2/mod/mod_dav.html">mod_dav</a> 创建的 WebDAV 共享。</li>
</ul>
<div class="admonition note">
<p class="first admonition-title">注解</p>
<p class="last">若你已安装了一个 <a class="reference internal" href="../../../topics/auth/customizing.html#auth-custom-user"><span class="std std-ref">自定义用户模型</span></a>，且想使用其默认认证处理器，它必须要支持 <code class="docutils literal notranslate"><span class="pre">is_active</span></code> 属性。若你想使用用户组授权，自定义用户必须有个关联名 'groups`，指向一个拥有 'name' 字段的关联对象。若自定义的无法满足上述要求，你也可以指定自定义 mod_wsgi 认证处理器。</p>
</div>
<div class="section" id="s-authentication-with-mod-wsgi">
<span id="authentication-with-mod-wsgi"></span><h2>用 <code class="docutils literal notranslate"><span class="pre">mod_wsgi</span></code> 进行授权认证<a class="headerlink" href="#authentication-with-mod-wsgi" title="永久链接至标题">¶</a></h2>
<div class="admonition note">
<p class="first admonition-title">注解</p>
<p class="last">以下配置文件中的 <code class="docutils literal notranslate"><span class="pre">WSGIApplicationGroup</span> <span class="pre">%{GLOBAL}</span></code> 假定 Apache 实例仅运行了一个 Django 应用。若你运行了不止一个 Django 应用，请参考 mod_wigi 文档的 <a class="reference external" href="https://modwsgi.readthedocs.io/en/develop/user-guides/configuration-guidelines.html#defining-application-groups">定义应用集群</a> 章节获取更多配置信息。</p>
</div>
<p>确保你已按照 <a class="reference internal" href="modwsgi.html"><span class="doc">Apache 配合 mod_wsgi</span></a> 文档正确安装并激活了 mod_wsgi。</p>
<p>然后，编辑 Apache 配置，添加只允许授权用户查看的位置：</p>
<div class="highlight-apache notranslate"><div class="highlight"><pre><span></span><span class="nb">WSGIScriptAlias</span> / <span class="sx">/path/to/mysite.com/mysite/wsgi.py</span>
<span class="nb">WSGIPythonPath</span> <span class="sx">/path/to/mysite.com</span>

<span class="nb">WSGIProcessGroup</span> %{GLOBAL}
<span class="nb">WSGIApplicationGroup</span> %{GLOBAL}

<span class="nt">&lt;Location</span> <span class="s">&quot;/secret&quot;</span><span class="nt">&gt;</span>
    <span class="nb">AuthType</span> Basic
    <span class="nb">AuthName</span> <span class="s2">&quot;Top Secret&quot;</span>
    <span class="nb">Require</span> valid-user
    <span class="nb">AuthBasicProvider</span> wsgi
    <span class="nb">WSGIAuthUserScript</span> <span class="sx">/path/to/mysite.com/mysite/wsgi.py</span>
<span class="nt">&lt;/Location&gt;</span>
</pre></div>
</div>
<p><code class="docutils literal notranslate"><span class="pre">WSGIAuthUserScript</span></code> 指令告诉 mod_wsgi 在指定 wsgi 脚本中执行 <code class="docutils literal notranslate"><span class="pre">check_password</span></code> 函数，并传递从提示符获取的用户名和密码。在本例中， <code class="docutils literal notranslate"><span class="pre">WSGIAuthUserScript</span></code> 与 <code class="docutils literal notranslate"><span class="pre">WSGIScriptAlias</span></code> 一样，后者 <a class="reference internal" href="index.html"><span class="doc">由 django-admin startproject 创建</span></a>，定义了应用。</p>
<div class="admonition-using-apache-2-2-with-authentication admonition">
<p class="first admonition-title">使用带身份验证的 Apache 2.2</p>
<p>确认 <code class="docutils literal notranslate"><span class="pre">mod_auth_basic</span></code> 和 <code class="docutils literal notranslate"><span class="pre">mod_authz_user</span></code> 被加载了。</p>
<p>这些可能被静态编译进 Apache，或者用 LoadModule 在 <code class="docutils literal notranslate"><span class="pre">httpd.conf</span></code> 动态加载它们：</p>
<div class="last highlight-apache notranslate"><div class="highlight"><pre><span></span><span class="nb">LoadModule</span> auth_basic_module modules/mod_auth_basic.so
<span class="nb">LoadModule</span> authz_user_module modules/mod_authz_user.so
</pre></div>
</div>
</div>
<p>最后，编辑 WSGI 脚本 <code class="docutils literal notranslate"><span class="pre">mysite.wsgi</span></code>，通过导入 <code class="docutils literal notranslate"><span class="pre">check_password</span></code> 函数，将 Apache 的认证授权机制接续在你站点的授权机制之后:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">os</span>

<span class="n">os</span><span class="o">.</span><span class="n">environ</span><span class="p">[</span><span class="s1">&#39;DJANGO_SETTINGS_MODULE&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="s1">&#39;mysite.settings&#39;</span>

<span class="kn">from</span> <span class="nn">django.contrib.auth.handlers.modwsgi</span> <span class="kn">import</span> <span class="n">check_password</span>

<span class="kn">from</span> <span class="nn">django.core.handlers.wsgi</span> <span class="kn">import</span> <span class="n">WSGIHandler</span>
<span class="n">application</span> <span class="o">=</span> <span class="n">WSGIHandler</span><span class="p">()</span>
</pre></div>
</div>
<p>以 <code class="docutils literal notranslate"><span class="pre">/secret/</span></code> 开头的请求现在会要求用户认证。</p>
<p>mod_wsgi <a class="reference external" href="https://modwsgi.readthedocs.io/en/develop/user-guides/access-control-mechanisms.html">可达性控制机制文档</a> 提供了其它授权机制和方法的更多细节和信息。</p>
<div class="section" id="s-authorization-with-mod-wsgi-and-django-groups">
<span id="authorization-with-mod-wsgi-and-django-groups"></span><h3>利用 <code class="docutils literal notranslate"><span class="pre">mod_wsgi</span></code> 和 Django 用户组(groups)进行授权<a class="headerlink" href="#authorization-with-mod-wsgi-and-django-groups" title="永久链接至标题">¶</a></h3>
<p>mod_wsgi 也提供了将组成员限制至特定路径的功能。</p>
<p>在本例中，Apache 配置应该看起来像这样：</p>
<div class="highlight-apache notranslate"><div class="highlight"><pre><span></span><span class="nb">WSGIScriptAlias</span> / <span class="sx">/path/to/mysite.com/mysite/wsgi.py</span>

<span class="nb">WSGIProcessGroup</span> %{GLOBAL}
<span class="nb">WSGIApplicationGroup</span> %{GLOBAL}

<span class="nt">&lt;Location</span> <span class="s">&quot;/secret&quot;</span><span class="nt">&gt;</span>
    <span class="nb">AuthType</span> Basic
    <span class="nb">AuthName</span> <span class="s2">&quot;Top Secret&quot;</span>
    <span class="nb">AuthBasicProvider</span> wsgi
    <span class="nb">WSGIAuthUserScript</span> <span class="sx">/path/to/mysite.com/mysite/wsgi.py</span>
    <span class="nb">WSGIAuthGroupScript</span> <span class="sx">/path/to/mysite.com/mysite/wsgi.py</span>
    <span class="nb">Require</span> <span class="k">group</span> secret-agents
    <span class="nb">Require</span> valid-user
<span class="nt">&lt;/Location&gt;</span>
</pre></div>
</div>
<p>要支持 <code class="docutils literal notranslate"><span class="pre">WSGIAuthGroupScript</span></code> 指令，同样的 WSGI 脚本 <code class="docutils literal notranslate"><span class="pre">mysite.wsgi</span></code> 必须也导入 <code class="docutils literal notranslate"><span class="pre">groups_for_user</span></code> 函数，函数会返回用户所属用户组的列表。</p>
<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">django.contrib.auth.handlers.modwsgi</span> <span class="kn">import</span> <span class="n">check_password</span><span class="p">,</span> <span class="n">groups_for_user</span>
</pre></div>
</div>
<p>对 <code class="docutils literal notranslate"><span class="pre">/secret</span></code> 的请求现在也会要求用户是 &quot;secret-agents&quot; 用户组的成员。</p>
</div>
</div>
</div>


          </div>
        </div>
      </div>
      
        
          <div class="yui-b" id="sidebar">
            
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
  <h3><a href="../../../contents.html">Table of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#">Apache 利用 Django 的用户数据库进行验证</a><ul>
<li><a class="reference internal" href="#authentication-with-mod-wsgi">用 <code class="docutils literal notranslate"><span class="pre">mod_wsgi</span></code> 进行授权认证</a><ul>
<li><a class="reference internal" href="#authorization-with-mod-wsgi-and-django-groups">利用 <code class="docutils literal notranslate"><span class="pre">mod_wsgi</span></code> 和 Django 用户组(groups)进行授权</a></li>
</ul>
</li>
</ul>
</li>
</ul>

  <h4>上一个主题</h4>
  <p class="topless"><a href="modwsgi.html"
                        title="上一章">如何使用 Apache 和 <code class="docutils literal notranslate"><span class="pre">mod_wsgi</span></code> 托管 Django</a></p>
  <h4>下一个主题</h4>
  <p class="topless"><a href="../asgi/index.html"
                        title="下一章">如何使用 ASGI 来部署</a></p>
  <div role="note" aria-label="source link">
    <h3>本页</h3>
    <ul class="this-page-menu">
      <li><a href="../../../_sources/howto/deployment/wsgi/apache-auth.txt"
            rel="nofollow">显示源代码</a></li>
    </ul>
   </div>
<div id="searchbox" style="display: none" role="search">
  <h3>快速搜索</h3>
    <div class="searchformwrapper">
    <form class="search" action="../../../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="转向" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    </div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
              <h3>Last update:</h3>
              <p class="topless">12月 07, 2021</p>
          </div>
        
      
    </div>

    <div id="ft">
      <div class="nav">
    &laquo; <a href="modwsgi.html" title="如何使用 Apache 和 &lt;code class=&#34;docutils literal notranslate&#34;&gt;&lt;span class=&#34;pre&#34;&gt;mod_wsgi&lt;/span&gt;&lt;/code&gt; 托管 Django">previous</a>
     |
    <a href="../../index.html" title="操作指南" accesskey="U">up</a>
   |
    <a href="../asgi/index.html" title="如何使用 ASGI 来部署">next</a> &raquo;</div>
    </div>
  </div>

      <div class="clearer"></div>
    </div>
  </body>
</html>